nginx ultimate bad bot blocker V3.2019.04.1377 releases

Welcome to the Ultimate Nginx Bad Bot, User-Agent, Spam Referrer Blocker, Adware, Malware and Ransomware Blocker, Click-Jacking Blocker, Click-Redirect Blocker and Bad IP Blocker with Anti-DDOS System, Nginx Rate Limiting and WordPress Theme Detector Blocking.

Bots attempt to make themselves look like other software or websites by disguising their user agent. Their user agent names may look harmless, perfectly legitimate even.

For example, “^Java” but according to Project Honeypot, it’s actually one of the most dangerous BUT a lot of legitimate bots out there have “Java” in their user agent string so the approach taken by many to block “Java” is not only ignorant but also blocking out very legitimate crawlers including some of Google’s and Bing’s and makes it very clear to me that those people writing bot blocking scripts seldom ever test them.

Spam Referrers and Spam Domain Names use very clever techniques to hop off your sites running very lucrative click-jacking and click-redirecting campaigns which serve ads to unsuspecting people browsing the web or even planting malware, adware or ransomware into their browsers which then become part of their lucrative network of bots.

This Bot Blocker includes hundreds of domain names and IP addresses that most people will not even see in their Nginx logs. This comes as a result of all my sites running of SSL and using Content-Security-Policy (CSP) which blocks things before they even get to Nginx and I have picked up and continue to pick up some of the worst domains and bots out there.

A massive amount of Porn, Gambling and Fake News websites are also blocked in this blocker script which also grows at a rapid pace.


  • Extensive Lists of Bad and Known Bad Bots and Scrapers (updated almost daily)
  • Blocking of Spam Referrer Domains and Web Sites
  • Blocking of SEO data collection companies like,, and many others (updated regularly)
  • Blocking of clickjacking Sites linked to Adware, Malware and Ransomware
  • Blocking of Porn and Gambling Web Sites who use Lucrative Ways to Earn Money through Serving Ads by hopping off your domain names and websites.
  • Blocking of Bad Domains and IP’s that you cannot even see in your Nginx Logs. Thanks to the Content Security Policy (CSP) on all my SSL sites I can see things trying to pull resources off my sites before they even get to Nginx and get blocked by the CSP.
  • Anti-DDOS Filter and Rate Limiting of Aggressive Bots
  • Alphabetically ordered for easier maintenance (Pull Requests Welcomed)
  • Commented sections of certain important bots to be sure of before blocking
  • Includes the IP range of Cyveillance who are known to ignore robots.txt rules and snoop around all over the Internet.
  • Whitelisting of Google, Bing and Cloudflare IP Ranges
  • Whitelisting of your own IP Ranges that you want to avoid blocking by mistake.
  • Ability to add other IP ranges and IP blocks that you want to block out.
  • If its out there and it’s bad it’s already in here and BLOCKED !!

Install && Tutorial

Copyright (c) 2017 Mitchell Krog –¬†